Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5644 1 Icz 1 Matchasns 2025-04-12 N/A
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5687 1 Anchorcms 1 Anchor Cms 2025-04-12 N/A
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
CVE-2014-1769 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
CVE-2014-2558 1 Skyphe 1 File-gallery 2025-04-12 N/A
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
CVE-2014-3065 2 Ibm, Redhat 3 Java, Network Satellite, Rhel Extras 2025-04-12 N/A
Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.
CVE-2014-3915 1 Rocketsoftware 1 Rocket Servergraph 2025-04-12 N/A
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
CVE-2014-5519 1 Phpwiki Project 1 Phpwiki 2025-04-12 N/A
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
CVE-2014-8998 1 X7chat 1 X7 Chat 2025-04-12 N/A
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
CVE-2014-9001 1 Incrediblepbx 1 Incredible Pbx 11 2025-04-12 N/A
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.
CVE-2014-9280 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.
CVE-2015-1399 1 Magento 1 Magento 2025-04-12 N/A
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
CVE-2015-1675 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
CVE-2014-3789 1 Cogentdatahub 1 Cogent Datahub 2025-04-12 N/A
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-3805 1 Alienvault 1 Open Source Security Information Management 2025-04-12 N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
CVE-2014-3911 1 Samsung 1 Ipolis Device Manager 2025-04-12 N/A
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
CVE-2014-3910 1 Emurasoft 1 Emftp 2025-04-12 N/A
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension.
CVE-2014-3947 1 Alex Kellner 1 Powermail 2025-04-12 N/A
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.
CVE-2014-4663 1 Binarymoon 2 Timthumb, Wordthumb 2025-04-12 N/A
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
CVE-2014-4767 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2014-3444 1 Realnetworks 1 Realplayer 2025-04-12 N/A
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.